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aragraph: 

This application is a continuation of Application No. 09/208,017 filed December 




K^f99, which is a continuation of Application No. 08/388,107 filed February 13, 1995, 

now abandoned 



I 



^^STAVA/UBLECOPV 



Attorney Docket No. 032406-002 
Application No. 09/4 11 .20 j 



IN THE ri ATMS : 



Please can(^d claims 1-90 of the application as originally filed and add new claims 



91-148 as follows: 



-91. A method for managing a data object so as to comply with control conditions 
for usage of the data object, comprising the steps of: 

storing the data object in a memory device, where it is accessible by means of a 
data object provider's data processor; 

providing a variable number of control conditions for usage of the data object; 
creating, by said data processor, a general set of control data for the data object 
based on said variable number of control conditions for usage, said general set of control 
data comprising at least one or more usage control elements defining usages of 
the data object which comply with said variable number of control condiUons, 

storing said general set of control data in a memory device, where it is 
accessible by said data processor; 

concatenating the general set of control data with a copy of the data object; and 
encrypting at least the copy of the data object and said one or more usage 
control elements to create a secure data package which is ready for transfer to a user. 

92. A method as set forth in claim 91, wherein the step of encrypting comprises 
encrypting the data object and the general set of control data. 
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93. A method as set forth in claim 91 , wherein the step of creating control data 
comprises creating an identifier which uniquely identifies the general set of control data, 

94. A method as set forth in claim 91 , wherein the step of creating a general set of 
control data comprises creating a security control element which identifies a security 
process to be applied before usage of the data object is allowed. 

95. A method as set forth in claim 91, wherein the step of creating a general set of 
control data comprises creating a format control element which identifies the format of the 
control data. 

96. A method as set forth in claun 91, further comprising the steps of receiving in 
said data processor a request for authorization for usage by a user; comparing the usage for 
which authorization is requested with said one or more usage control elements of the 
general set of control data and granting the authorization if the usage for which 
authorization is requested complies with the usages defined by said one or more usage 
control elements, 

97. A method as set fonh in claim 96, further comprising the step of securing 
payment for the requested authorization for usage before granting the authorization. 
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98. A method as set forth in claim 91 , comprising the further steps of: 
receiving the data package in a user's data processor; 

storing the data package in a memory device where it is accessible by means of 
the user's data processor; 

decrypting said one or more usage control elements; 
checking, in response to a request by the user for usage of the data object, 
whether the requested usage complies with the usage defined by the at least one usage 
control element of the general set of control data; 

decrypting, in response to the requested usage complying with the usage defined 
by the at least one usage control element of the general set of control data, the data object 
and enabling the requested usage, otherwise disabling it. 

99. A method as set forth in claim 98, comprising the further steps of 
reconcatenating, after the usage of the data object, the data object and the one or more 
usage control elements, reencrypting at least the data object and the one or more usage 
control elements, and storing the thus-repackaged data package in the memory of the user's 
data processor. 



100. A method for controlling the usage by a user of a data object so as to comply 
with control conditions for usage of the data object, comprising the steps of: 

providing a variable number of control conditions for usage of the data object; 
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storing a data package in a memory device, where it is accessible by means of 
a data processor of the user, said data package comprising the dau object and control data, 
which .comprises at least one usage control element defining a usage of the data object 
which complies with the variable number of control conditions, the data object and said at 
least one usage control element being encrypted; 

receiving a request by the user for usage of the data object; 

decrypting the control data; 

checking, in response to the request by the user for usage of the data object, 
whether the requested usage complies with the usage defined by the at least one usage 
control element of the control data; and 

decrypting, in response to the requested usage complying with the usage 
defined by the at least one usage control element of the control data, the data object and 
enabling the requested usage, otherwise disabling it. 

101 . A method as set forth in claim 100. wherein the usage comrol element is 
updated after the at least one usage of the data object. 

102. A method as set forth in claim 100, wherein said control data comprises an 
indication of the number of times the user is authorized to use the data object in accordance 
with said at least one usage control element; 
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wherein the requested usage of the data object is only enabled when said 
number of times is one or more; and 

wherein said number of times is decremented by one when the requested usage 

is enabled. . 

103. A method as set forth in claim 100, wherein the control data comprise a 
security control element, and further comprising the step of carrying out, before each usage 
of the data object, a security procedure defined in the security control element. 

104. A method as set forth in claim 100, wherein the step of checking whether the 
requested usage complies with the usage defined by the at least one usage control elemcm 
comprises the step of checking that the user's data processor is capable of carrying out a 
security procedure specified in a security conuol elemem of the at least one usage control 
element, and if not, disabling the usage. 



105. A method as set fonh in claim 100, comprising the further steps of 
reconcatenating. after the usage of the data object, the data object and the one or more 
usage control elements, reencrypting at least the data-object and the one or more usage 
control elements, and storing the thus-repackaged data package in the memory of the user's 
data processor. 
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106. A system for managing a data object so as to comply with control conditions 
for usage of the data object, comprising means for providing a variable number of control 

conditions; 

first means in the data object provider's data processor for creating a general 
set of control data for the data object based on the variable number of control conditions 
for usage, said general set of control data comprising at least one or more usage 
control elements defining usages of the data object which comply with the variable number 
of control conditions; 

storing means, which are accessible by means of said data processor, for 
storing the data object and the general set of control 
data; 

concatenating means for concatenating the general set of control data with a 
copy of the data object; and 

encrypting means for encrypting the copy of the data object and at least said 
one or more usage control elements to create a secure data package, which is ready for 
transfer to a user. 



107. A system as set forth in claim 106. wherein the general set of control data 
comprises a control data element which defines the right to further distribution of the data 



object by the user. 
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108. A system for controlling the usage by a user of a data object so as to comply 
with control conditions for usage of the data object, comprising: 

means for providing variable number of control conditions; 
storing means for storing a data package which comprises a data object and a 
control data comprising at least one usage control element defying a usage of the data 
object which complies with the variable number of control conditions; 

means for decrypting the at least one usage control element and the data 

object; 

checking means for checking whether a usage requested by the user complies 
with the usage defined by said at least one usage control element; 

enabling means for enabling the usage requested by the user when the usage 
complies with the usage defined by said at least one usage control element; and 

disabling means for disabling the usage requested by the user when the usage 
does not comply with the usage defined by said at least one usage control element. 

109. A system as set forth in claim 108. further comprising means for repackaging 
the data objea after usage thereof. 



1 10. A method for controlling the usage by a user of data objects so as to comply 
with predetermined conditions for usage of the data objects, comprising the steps of: 
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storing at least two data packages in a memory device, where they are 
accessible by a data processor of the user, each said data package comprising a data object 
and a user set of control data, which comprises at least one usage control element defining 
a usage of the data object which complies with the predetermined conditions, the data 
object and said at least one usage control elements being encrypted; 

decrypting the usage control elements of the user sets of control data; 

examining the usage control elements of said at least two data packages to find 

a match; 

using, in response to the finding of a match, the data processor to carry out an 
action, which is specified in the user sets of control data. 



1 1 1 . A method as set forth in claim 1 10, comprising the further steps of updating 
the at least one usage control element of each data package, concatenating after the usage 
of the data objects, each of the data objects and its at least one usage control element, 
reencrypting each of the concatenated data objects and its at least one usage control element 
and transferring the repackaged data objects to their creators. 

112. A method for managing a data object so as to comply with predetermined 
conditions for usage of the data object, comprising the steps of: 

storing the data object in a memory device, where it is accessible by means of 
a data object provider's data processor; 
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providing control conditions for usage of the data object; 

creating, by said data processor, a general set of control data for the data 
object based on said control conditions for usage, said general set of control data 
comprising at least one or more usage control elements defining usages of the data object 
which comply with said control conditions; 

storing said general set of control data in a memory device, where it is 
accessible by said data processor; 

concatenating the general set of control data with a copy of the data object; 

encrypting at least the copy of the data object and said one or more usage 
control elements to create a secure data package which is ready for transfer to a user; 

creating, in response to a request for authorization for usage of the data object 
by a user, a user set of control data, which comprises at least a subset of the general set of 
control data, including at least one of said usage control elements: 

using the user set of control data instead of the general set of control data in 
said concatenating step; 

using the at least one or more usage control element of the user set of control 
data instead of the one or more usage control elements of the general set of control dau in 
the encrypting step; and 

checking, before allowing transfer of the data package to the user, that said 
request for authorization for usage of the data object has been granted. 
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113. A method as set forth in claim 1 12. wherein the data object is composed of at 
least two constituent data objects and wherein the user set of control data, in response to a 
request for authorization for usage of one of said constituent data objects by a user, is 
created only for that constituent data object and concatenated only with a copy of that 
constituent data object. 

1 14. A method as set forth in claim 112, wherein the data provider's dau processor 
is connected to a dau network and the request for authorization is received from a data 
processor of the user, which is also comiected to the data network, further comprising the 
step of transferring the data package through the data network to the user's data processor. 

115. A method as set forth in claim 1 12. wherein the data object is a composite 
data object including at least two constituent data objects and wherein the step of creating a 
general set of control data comprises the step of creating a respective general set of control 
data for each of the constituent data objects and the composite data object and wherein the 
step of creating a user set of control data comprises the step of creating a respective user 
set of control data for each of the constituent data objects and the composite data object. 

1 16. A method as defined in claim 1 12. comprising the further step of storing a 
copy of the user set of control data in the data object provider's processor. 
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1 17. A method as defined in claim 1 12. comprising the further steps of: 
receiving the data package in a user's data processor; 
storing the data package in a memory device v^here it is accessible by means 
of the user's data processor; 

decrypting the at least one usage control element of the user set of control 

data; ^ 

checking, in response to a request by the user for usage of the data object, 
whether the requested usage complies with the usage defined by the at least one usage 
control element of the user set of control data; and 

decrypting, in response to the requested usage complying with the usage 
defined by the at least one usage control element of the user set of control data, the data 
object and enabling the requested usage, otherwise disabling it. 

118. A method as set forth in claim 112, further comprising: 
receiving the data package in a user's dau processor; 
storing the data package in a memory device where it is accessible by means 
of the user's data processor; 

decrypting the at least one usage control element of the user set of control 

data; 
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checking, in response lo a request by the user for usage of the data object, 
whether the requested usage complies with the usage defined by the at least one usage 
control element of the user set of control data; 

decrypting, in response to the requested usage complying with the usage 
defined by the at least one usage control element of the user set of control data, the data 
object and enabling the requested usage, otherwise disabling it; and 

reconcatenating, after the usage of the data object, the data object and the one 
or more usage control elements of the user set of control data, and reencrypting at least the 
data object and the one or more usage of the user set of control data. 

119. A system for managing a data object so as to comply with control conditions 
for usage of the data object, comprising: 

first means in the data object provider's data processor for creating a general 
set of control data for the data object based on the predetermined conditions for usage, said 
general set of control data comprising at least one or more usage control elements defining 
usages of the data object which comply with the predetermined conditions; 

storing means, which are accessible by means of said data processor, for 
storing the data object and the general set of control data; 

concatenating means for concatenating the general set of control data with a 
copy of the data object; 
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encrypting means for encrypting the copy of the data object and at least said 
one or more usage control elements to create a secure data package, which is ready for 
transfer to a user; 

second means in said data processor for creating, in response to a request for 
authorization for usage of the data object by a user, a user set of control data, which 
comprises at least a subset of the general set of control data, which subset comprises at 
least one of said usage control elements; 

using the user set of control data instead of the general set of control data in 
the storing means; 

using the user set of control data instead of the general set of control data in 
the concatenating means; 

using the user set of control data instead of the general set of control data in 
the encrypting means; and 

checking means in said data processor for checking that said request for 
authorization for usage of the data object has been granted before allowing transfer of the 
data package to the user. 

120. A method for managing an object so as to comply with control conditions for 
usage of the object, comprising the steps of: 

storing the object in a storage device, where it is accessible by means of an 
object provider's electronic appliance; 
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providing a variable number of control conditions for usage of the object; 
creating, by said electronic appliance, a general set of control data for the 
object based on said variable number of control conditions for usage, said general set of 
control data comprising at least one or more usage control elements defining usages of 
the object which comply with said variable number of control conditions, 

storing said general set of control data in a storage device, where it is 
accessible by said electronic appliance; 

containerizing the general set of control data with a copy of the object; and 
encrypting at least the copy of the object and said one or more usage control 
elements to create a secure container which is ready for transfer to a user. 

121. A method as set forth in claim 120, wherein the step of encrypting comprises 
encrypting the object and the general set of control data. 

122. A method as set forth in claim 120, wherein the step of creating control data 
comprises creating an identifier which uniquely identifies the general set of control data. 

123. A method as set forth in claim 120, wherein the step of creating a general set. 
of control data comprises creating a security control element which identifies a security 
process to be applied before usage of the object is allowed. 
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124. A method as set forth in claim 120, wherein the step of creating a general 
of control data comprises creating a format control element which identifies the foniiat of 
the.control data. 

125. A method as set forth in claim 120. fiirther comprising the steps of receiving in 
said electronic appliance a request for authorization for usage by a user; comparing the 
usage for which authorization is requested with said one or more usage control elements of 
the general set of control data and granting the authorization if the usage for which 
authorization is requested complies with the usages defined by said one or more usage 
control elements. 

126. A method as set forth in claim 125, further comprising the step of securing 
payment for the requested authorization for usage before granting the authorization. 

127. A method as set forth in claim 120, comprising the further steps of: 
receiving the container in a user's electronic appliance; 

storing the container in a storage device where it is accessible by means of the 
user's electronic appliance; 

decrypting said one or more usage control elements; 



- 16- 



Attorney Docket No. 032406-00? 
Application No. 09/411 .20'; 



checking, in response to a request by the user for usage of the object, whether 
the requested usage complies with the usage defined by the at least one usage control 
element of the general set of control data; 

decrypting, in response to the requested usage complying with the usage 
defined by the at least one usage control element of the general set of control data, the 
object and enabling the requested usage, otherwise disabling it. 

128. A method as set forth in claim 127. comprising the fiirther steps of 
recontainerizing, after the usage of the objec. the object and the one or more usage control 
elements, reencrypting at least the object and the one or more usage control elements, and 
storing the thus-recontainerized container in the storage of the user's electronic appliance. 

129. A method for controlling the usage by a user of an object so as to comply with 
control conditions for usage of the object, comprising the steps of: 

providing a variable number of control conditions for usage of the object; 
storing a container in a storage device, where it is accessible by means of an 
electronic appliance of the user, said container comprising the object and control data, 
which comprises at least one usage control element defining a usage of the object which 
complies with the variable number of control conditions, the object and said at least one 
usage control element being encrypted; 

receiving a request by the user for usage of the object; 
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decrypting the control data; 

checking, in response to the request by the user for usage of the object, 
whether the requested usage complies with the usage defined by the at least one usage 
control element of the control data; and 

decrypting, in response to the requested usage complying with the usage 
defined by the at least one usage control element of the control data, the object and 
enabling the requested usage, otherwise disabling it. 

130. A method as set forth in claim 129, wherein the usage control element is 
updated after the at least one usage of the object. 

131 . A method as set forth in claim 129. wherein said control data comprises an 
indication of the number of times the user is authorized to use the object in accordance 
with said at least one usage control element; 

wherein the requested usage of the object is only enabled when said number of 
times is one or more; and 

wherein said number of times is decremented by one when the requested usage 

is enabled. 
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132. A method as set forth in claim 129, wherein the control data comprise a 
security control element, and further comprising the step of carrying out. before each usage 
of the object, a security procedure defined in the security control element. 

133. A method as set forth in claim 129. wherein the step of checking whether the 
requested usage complies with the usage defined by the at least one usage control element 
comprises the step of checking that the user's electronic appliance is capable of carrying 
out a security procedure specified in a security control element of the at least one usage 
control element, and if not, disabling the usage. 

134. A method as set forth in claim 129, comprising the further steps of 
recontainerizing, after the usage of the object, the object and the one or more usage control 
elements, reencrypting at least the object and the one or more usage control elements, and 
storing the thus-recontainerized container in the storage of the user's electronic appliance. 

135. A system for managing an object so as to comply with control conditions for 
usage of the object, comprising means for providing a variable number of control 
conditions; 

first means in the object provider's electronic appliance for creating a general 
set of control data for the object based on the variable number of control conditions for 
usage, said general set of control data comprising at least one or more usage control 
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136. A system as set forth in claim 135, wherein the general set of control data 
comprises a control data element which defines the right to further distribution of the 
object by the user. 



137. A system for controlling the usage by a user of an object so as to comply with 
control conditions for usage of the object, comprising: 

means for providing variable number of control conditions; 

storing means for storing a container which comprises an object and a control 
data comprising at least one usage control element defying a usage of the object which 
complies with the variable number of control conditions; 

means for decrypting the at least one usage comrol element and the object; 
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comprising the step of transferring the container through the data network to the user's 
electronic appliance. 

144. A method as set forth in claim 141. wherein the object is a composite object 
including at least two constituent objects and wherein the step of creating a general set of 
control data comprises the step of creating a respective general set of control data for each 
of the constituent objects and the composite objea and wherein the step of creating a user 
set of control data comprises the step of creating a respective user set of control data for 
each of the constituent objects and the composite object. 

145. A method as defined in claim 141, comprising the ftirther step of storing a 
copy of the user set of control data in the object provider's processor. 

146. A method as defined in claim 141. comprising the further steps of: 

receiving the container in a user's electronic appliance; 
storing the container in a storage device where it is accessible by means of the 
user's electronic appliance; 

decrypting the at least one usage control elemem of the user set of control 

data; 
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"^^^isfmtsid^imem^^msis^mM^iym^ym m asgge control 

elen^ent of the ^m0ifm^mo^^,ucsi for authorization for usage of the object by : 

user, a usdeSa'etf^««ilbiqffian^HftJ^gd-rfp»ifcijifi^ i^¥mmklfi&mm of 
def«|(ir6y d&fe?toffl^*5MStWfl^ data, the object 

and enabling ti^^lfSgmki^,^^^^^^^.^,^^^ 

said containerizing step; 

^47. A mQjiag a5^g{ fe8l.dH#laiift,iiyul3;geie6rf»81ffift^^ of the user set of control 
data insteftf<ifliYHi&«^tf50fH8re^^g HSMl^FtegHftfliS SiPRfe^ral set of control data in 
the encryiftffig%fe}Jieafiiantainer in a storage device where it is accessible by means of the 
user's electronitfiaHlHgc^efore allowing transfer of the container to the user, that said 

request foPm/^MiM ftjI^^fB^SigSeKfiAifteigi^fiittf.user set of control 
data; 

'^'tm^§^mm%m^Vm-iiikmmsmrmPimdli^m} f»¥e»§#RPtf<?fequest for 
ele«fflbfil*b#^^a|S«P«ffil64aSMd constituent objects by a user, is created only for that 

constituenfJffBjHHififid »>fiefflfi«s6rffyt^^qt,f gi^^^ 68fflBta ftHjfedihe usage 
defined by the at least one usage control element of the user set of control data, the object 
and enabii,s.tlj, msm^mm^rmfi^liim^^lmekM, ,3,3 
appliance is connected to a data network and the request for authorization is received' from 
an electronic appliance of the user, which is also connected to the data network, further 
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»s?|i Suites Sraia t<»M.m?i^, a, .eas, „.J«, 
and the one or more usage of the user set of control data. 

140. A method as set forth in claim 139. comprising the lunher steps of updating 

us^gl^f'^tih^^ga .^io'S.V'^S^^^ control element, reencrypting each 

ofthecontained^obj.^^^^^^^ 

se[»»«,tOT^, ^^^^^^^^ ^^^^ ^^^^ 

general set of control data comprising at least one or more usage control elements defining 
usages ofle o4jeWctepT/Mg'jjf|S^^^ 
conditions g-^e ofge^^^^^^^^ ^^^^^ ^^^^^^^^^ 

storing the objISTnl Si l&rslt»"tr1)m;^''^^« ^'^'^essible by means of an 
object provider's dat9 processor- 

contamerizmg means' for containerizing the general set of control data with a 

copy of the obK''''"8 control conditions for usage of the object; 

„~nvr.„g a, „„. „ „„„ ^^^^^^ ^^^^^ ^^^^ 

comply with said control conditions- 
second means in said efectronic appliance for creating, in response to a request 

for authorizati2Wut^geOTe'l§e°c{g?«^^^^^ SeVieWctedSl^fr^rildB 
accessible by said electronic aDDliance- 
comprises at ieast a subset of tlPJ'genlfal set of control data, which subset comprises at 

least one of saTul^'e'SlotelSg;'"' ^^""'^^o' data with a copy of the object; 



thWlifefte^ffl^efined by said at least one usage control element; 



tl/^«3fifeaigHftrf|%«^ defined by said at least one usage control element; and 

tlfifl68c99i){fflgBteiMSh^ usage defined by said at least one usage control element. 

checking means in said electronic appliance for checking that said request for 
authorimn4of>lHl|fe WijffefeQfecjnififeBeel^irM*^^ of the 

c<5fiS»te''WifiP8^-Qbject after usage thereof 

139. A method for controlling the usage by a user of objects so as to comply with 
predetermined conditions for usage of the objects, comprising the steps of: 

storing at least two containers in a storage device, where they are accessible 
by an electronic appliance of the user, each said container comprising an object and a user 
set of control data, which comprises at least one usage control element defining a usage of 
the object which complies with the predetermined conditions, the object and said at least 
one usage control elements being encrypted; 

decrypting the usage control elements of the user sets of control data; 
examining the usage control elements of said at least two containers to find a 

match; 
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